last executing test programs: 8.823126912s ago: executing program 2 (id=474): openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x25) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$inet6(0xa, 0x1, 0x0) gettid() r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r1, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) 8.817756152s ago: executing program 3 (id=475): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) 8.328183649s ago: executing program 1 (id=476): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4) bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x0, r2}, 0x10) r3 = syz_io_uring_setup(0x2402, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 7.533390201s ago: executing program 0 (id=477): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2, 0xffffffff}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bind$tipc(r2, 0x0, 0x0) 7.453291393s ago: executing program 2 (id=478): syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 7.385678244s ago: executing program 1 (id=479): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) r2 = shmget$private(0x0, 0x4000, 0x8, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_STAT(r2, 0xd, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x6, 0x500) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000013c0)={&(0x7f0000000100)="ab624a578fc65b56d7e7787302d9317cfc5652f8dada36", &(0x7f00000001c0)=""/172, 0x0, &(0x7f0000001280), 0xec, r3, 0x4}, 0x38) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_GET_XSAVE2(0xffffffffffffffff, 0x9000aecf, &(0x7f0000ffe000/0x1000)=nil) syz_emit_vhci(&(0x7f0000001940)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x3, 0x0, 0x428}}}, 0x7) io_uring_enter(0xffffffffffffffff, 0x502f, 0x5c34, 0x5, 0x0, 0x0) mmap$snddsp_control(&(0x7f0000ffd000/0x2000)=nil, 0x1000, 0x2, 0x13, 0xffffffffffffffff, 0x83000000) 6.094236194s ago: executing program 3 (id=481): syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x1, [0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6}) 6.079330834s ago: executing program 2 (id=482): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioperm(0xd1df, 0x7, 0x9) remap_file_pages(&(0x7f00005f4000/0x3000)=nil, 0xa00, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bca) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000580)={r2, 0x1}, 0xc) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x2406c014, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000780)={0x0, &(0x7f00000006c0)=""/178, 0x0, 0xb2, 0x1, 0x80}, 0x28) sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) 6.078421164s ago: executing program 0 (id=483): syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) r0 = socket(0x2, 0x80805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000240)={0x6, 0x101, 0x206, 0x381, 0x754d, 0x6, 0x9, 0xf, r5}, 0x20) 5.994069955s ago: executing program 1 (id=484): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xb46, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4000, @fd, 0xd4b, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) 5.740484209s ago: executing program 3 (id=485): bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x5, 0x84) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) socket$pppl2tp(0x18, 0x1, 0x1) socket$alg(0x26, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 4.580879898s ago: executing program 0 (id=486): prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) chdir(&(0x7f0000000240)='./file0\x00') r3 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0) ftruncate(r3, 0x2007ffc) sendfile(r3, r3, 0x0, 0x800000009) 4.46200762s ago: executing program 1 (id=487): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000001ec0)={0x1, &(0x7f0000001e80)=[{0x0, 0x1000}]}) socket(0x1d, 0x2, 0x7) r2 = syz_io_uring_setup(0x1e1a, &(0x7f0000000440)={0x0, 0x430, 0x10100, 0x0, 0x83}, &(0x7f0000002000)=0x0, &(0x7f0000000040)=0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x80, 0xc9, "7e118e8456ee1d14"}}}, 0xe) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x23}) io_uring_enter(r2, 0x100048ed, 0x0, 0x2, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10) listen(r0, 0xda90) r5 = openat$sequencer(0xffffff9c, &(0x7f0000000480), 0x0, 0x0) socket(0x1, 0x5, 0x8) ioctl$SNDCTL_SEQ_NRMIDIS(r5, 0xc0046d00, &(0x7f0000001500)) accept4(r0, 0x0, 0x0, 0x0) 3.543591004s ago: executing program 0 (id=488): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) socket$kcm(0x10, 0x400000002, 0x0) socket$kcm(0x1e, 0x4, 0x0) socket$kcm(0x22, 0x2, 0x21) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x20000, 0x4, 0x3, 0x141, r0}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000007c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 3.536268644s ago: executing program 3 (id=489): socket$tipc(0x1e, 0x5, 0x0) socket(0x848000000015, 0x805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket$alg(0x26, 0x5, 0x0) userfaultfd(0x801) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 3.535494214s ago: executing program 2 (id=490): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f0202ff000000000001000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c10000000010000000000", 0x58}], 0x1) socket$inet_udp(0x2, 0x2, 0x0) 3.262419618s ago: executing program 0 (id=491): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) 3.262176138s ago: executing program 3 (id=492): openat$procfs(0xffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$assume_authority(0x10, r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x14, 0x15, 0xa, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x24040808) 2.191290215s ago: executing program 0 (id=493): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, 0x0) setpgid(0x0, r3) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file0/file0\x00'}, 0x18) 2.181531505s ago: executing program 2 (id=494): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4) sendmsg$SMC_PNETID_ADD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000002000000090001"], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.753959382s ago: executing program 3 (id=495): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 1.513720325s ago: executing program 1 (id=496): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0) r4 = dup(r3) sendfile(r3, r4, 0x0, 0x80006) 248.971085ms ago: executing program 2 (id=497): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) unshare(0x6a040000) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, 0x0) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r3, 0x0, 0x40000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x8001, 0x2400}, 0xa5, 0x4, 0x10100000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000019580)=@newqdisc={0x40, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x7}]}}]}, 0x40}}, 0x800) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf6", 0x13, 0x11, 0x0, 0x0) 0s ago: executing program 1 (id=498): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x200000, &(0x7f0000000180)={[{@delalloc}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e") open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x200401, 0xcc) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) pipe2$9p(&(0x7f0000000240), 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a00010000"], 0x64}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts. syzkaller login: [ 87.446284][ T5776] cgroup: Unknown subsys name 'net' [ 87.612337][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.404207][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.441230][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.455446][ T5797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.479282][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.483987][ T5797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.504303][ T5803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.514632][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.523289][ T5803] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.530347][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.532897][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.539723][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.546186][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.557103][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.564495][ T5797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.572288][ T5802] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 91.579876][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.587177][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.594178][ T5797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 91.602988][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.610747][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.619766][ T5802] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 91.631673][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.639901][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.643828][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 91.655626][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.301623][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 92.314871][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 92.336427][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 92.410950][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 92.590018][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.598005][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.606336][ T5786] bridge_slave_0: entered allmulticast mode [ 92.614317][ T5786] bridge_slave_0: entered promiscuous mode [ 92.657044][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.665608][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.675322][ T5786] bridge_slave_1: entered allmulticast mode [ 92.685303][ T5786] bridge_slave_1: entered promiscuous mode [ 92.694416][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.701675][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.709651][ T5789] bridge_slave_0: entered allmulticast mode [ 92.717737][ T5789] bridge_slave_0: entered promiscuous mode [ 92.726109][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.734085][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.741333][ T5785] bridge_slave_0: entered allmulticast mode [ 92.749442][ T5785] bridge_slave_0: entered promiscuous mode [ 92.800422][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.809392][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.817726][ T5789] bridge_slave_1: entered allmulticast mode [ 92.826926][ T5789] bridge_slave_1: entered promiscuous mode [ 92.847977][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.856523][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.864814][ T5785] bridge_slave_1: entered allmulticast mode [ 92.873709][ T5785] bridge_slave_1: entered promiscuous mode [ 92.901905][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.910992][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.918960][ T5787] bridge_slave_0: entered allmulticast mode [ 92.931895][ T5787] bridge_slave_0: entered promiscuous mode [ 92.950849][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.967175][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.021258][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.029071][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.038944][ T5787] bridge_slave_1: entered allmulticast mode [ 93.048383][ T5787] bridge_slave_1: entered promiscuous mode [ 93.122363][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.174897][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.190317][ T5786] team0: Port device team_slave_0 added [ 93.208586][ T5786] team0: Port device team_slave_1 added [ 93.218003][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.231201][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.244020][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.289782][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.398303][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.407728][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.437681][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.458762][ T5789] team0: Port device team_slave_0 added [ 93.487510][ T5787] team0: Port device team_slave_0 added [ 93.495760][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.505312][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.537505][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.552140][ T5789] team0: Port device team_slave_1 added [ 93.562437][ T5785] team0: Port device team_slave_0 added [ 93.573549][ T5787] team0: Port device team_slave_1 added [ 93.601442][ T5785] team0: Port device team_slave_1 added [ 93.650272][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.657803][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.685825][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.689730][ T5796] Bluetooth: hci1: command tx timeout [ 93.696581][ T50] Bluetooth: hci0: command tx timeout [ 93.696915][ T50] Bluetooth: hci2: command tx timeout [ 93.753965][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.761411][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.788204][ T50] Bluetooth: hci3: command tx timeout [ 93.794094][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.814172][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.821570][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.850225][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.864220][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.872480][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.900394][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.929898][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.937627][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.969386][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.991719][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.001024][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.030712][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.049686][ T5786] hsr_slave_0: entered promiscuous mode [ 94.056937][ T5786] hsr_slave_1: entered promiscuous mode [ 94.103617][ T5787] hsr_slave_0: entered promiscuous mode [ 94.111917][ T5787] hsr_slave_1: entered promiscuous mode [ 94.119358][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.129084][ T5787] Cannot create hsr debugfs directory [ 94.241765][ T5789] hsr_slave_0: entered promiscuous mode [ 94.249785][ T5789] hsr_slave_1: entered promiscuous mode [ 94.259110][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.271095][ T5789] Cannot create hsr debugfs directory [ 94.303507][ T5785] hsr_slave_0: entered promiscuous mode [ 94.311450][ T5785] hsr_slave_1: entered promiscuous mode [ 94.318377][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.326436][ T5785] Cannot create hsr debugfs directory [ 94.803165][ T5787] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.819422][ T5787] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.829794][ T5787] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.844987][ T5787] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.941255][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.952614][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.966190][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.977239][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.102420][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.122256][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.139562][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.151547][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.252894][ T5789] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.272908][ T5789] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.287843][ T5789] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.313263][ T5789] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.340991][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.400479][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.454758][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.463070][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.475245][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.482647][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.550798][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.628197][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.659335][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.698209][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.724459][ T3458] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.733698][ T3458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.752421][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.760513][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.764874][ T50] Bluetooth: hci1: command tx timeout [ 95.770091][ T5794] Bluetooth: hci0: command tx timeout [ 95.775613][ T5796] Bluetooth: hci2: command tx timeout [ 95.828422][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.836560][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.854572][ T50] Bluetooth: hci3: command tx timeout [ 95.897602][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.905101][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.956280][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.056123][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.115498][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.123082][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.157498][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.165943][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.335624][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.546737][ T5787] veth0_vlan: entered promiscuous mode [ 96.630586][ T5787] veth1_vlan: entered promiscuous mode [ 96.688776][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.786661][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.820906][ T5787] veth0_macvtap: entered promiscuous mode [ 96.854045][ T5787] veth1_macvtap: entered promiscuous mode [ 96.892034][ T5785] veth0_vlan: entered promiscuous mode [ 96.910496][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.944950][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.961099][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.989267][ T5787] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.999668][ T5787] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.010589][ T5787] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.019860][ T5787] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.048407][ T5785] veth1_vlan: entered promiscuous mode [ 97.197653][ T5786] veth0_vlan: entered promiscuous mode [ 97.264250][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.276043][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.290774][ T5789] veth0_vlan: entered promiscuous mode [ 97.336416][ T5785] veth0_macvtap: entered promiscuous mode [ 97.354150][ T5789] veth1_vlan: entered promiscuous mode [ 97.391853][ T5785] veth1_macvtap: entered promiscuous mode [ 97.405020][ T1312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.422153][ T1312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.422158][ T5786] veth1_vlan: entered promiscuous mode [ 97.529564][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.549007][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.565346][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.619661][ T5789] veth0_macvtap: entered promiscuous mode [ 97.632926][ T5789] veth1_macvtap: entered promiscuous mode [ 97.656769][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.680302][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.701082][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.737126][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.752010][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.790086][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.818423][ T28] audit: type=1326 audit(1752777375.800:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 97.823906][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.847830][ T5879] syz.0.1[5879]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.870495][ T50] Bluetooth: hci1: command tx timeout [ 97.876206][ T50] Bluetooth: hci2: command tx timeout [ 97.881887][ T50] Bluetooth: hci0: command tx timeout [ 97.897455][ T5879] loop0: detected capacity change from 0 to 128 [ 97.905379][ T28] audit: type=1326 audit(1752777375.800:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 97.932670][ T5796] Bluetooth: hci3: command tx timeout [ 97.940462][ T28] audit: type=1326 audit(1752777375.830:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 97.977764][ T5786] veth0_macvtap: entered promiscuous mode [ 97.996990][ T28] audit: type=1326 audit(1752777375.830:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 98.025159][ T28] audit: type=1326 audit(1752777375.830:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 98.058548][ T28] audit: type=1326 audit(1752777375.880:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fedd058e963 code=0x7ffc0000 [ 98.065956][ T785] cfg80211: failed to load regulatory.db [ 98.082926][ T28] audit: type=1326 audit(1752777375.880:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fedd058d3df code=0x7ffc0000 [ 98.126564][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.139425][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.150516][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.166131][ T28] audit: type=1326 audit(1752777375.880:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fedd058e9b7 code=0x7ffc0000 [ 98.190557][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.204911][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.213068][ T28] audit: type=1326 audit(1752777375.880:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fedd058d290 code=0x7ffc0000 [ 98.240256][ T28] audit: type=1326 audit(1752777375.880:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5878 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fedd058e52b code=0x7ffc0000 [ 98.306252][ T5879] netlink: 'syz.0.1': attribute type 16 has an invalid length. [ 98.314924][ T5879] netlink: 'syz.0.1': attribute type 17 has an invalid length. [ 98.335184][ T5879] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 98.356372][ T5786] veth1_macvtap: entered promiscuous mode [ 98.369081][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.384910][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.398360][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.412838][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.431593][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.529896][ T5789] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.551912][ T5789] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.578204][ T5789] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.593529][ T5789] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.751515][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.781152][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.033256][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.071611][ T1312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.208852][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.260618][ T1312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.456225][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.488053][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.499407][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.511107][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.529114][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.548096][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.563021][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.582402][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.600729][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.618082][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.629617][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.647383][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.727579][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.745369][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.756224][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.767063][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.812610][ T1312] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.831192][ T1312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.872313][ T5889] ======================================================= [ 99.872313][ T5889] WARNING: The mand mount option has been deprecated and [ 99.872313][ T5889] and is ignored by this kernel. Remove the mand [ 99.872313][ T5889] option from the mount to silence this warning. [ 99.872313][ T5889] ======================================================= [ 99.924300][ T5796] Bluetooth: hci0: command tx timeout [ 99.930555][ T50] Bluetooth: hci2: command tx timeout [ 99.934444][ T5794] Bluetooth: hci1: command tx timeout [ 99.972367][ T3458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.989111][ T3458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.003560][ T5794] Bluetooth: hci3: command tx timeout [ 100.192462][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.221738][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.288115][ T1312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.307818][ T1312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.668751][ T5895] ptrace attach of ""[5896] was attempted by "./syz-executor exec"[5895] [ 102.753579][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.763702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.058352][ T5911] loop0: detected capacity change from 0 to 512 [ 104.088098][ T5911] EXT4-fs error (device loop0): __ext4_fill_super:5502: inode #2: comm syz.0.10: iget: bad i_size value: -1 [ 104.110596][ T5911] EXT4-fs (loop0): get root inode failed [ 104.116572][ T5911] EXT4-fs (loop0): mount failed [ 104.414730][ T5916] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7'. [ 105.519710][ T5913] sched: RT throttling activated [ 105.532029][ T5918] loop0: detected capacity change from 0 to 128 [ 105.570175][ T5918] ADFS-fs (loop0): error: can't find an ADFS filesystem on dev loop0. [ 106.044242][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 106.116594][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.537935][ T5944] warning: `syz.1.18' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 112.247557][ T5960] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.188426][ T5979] netlink: 16 bytes leftover after parsing attributes in process `syz.1.27'. [ 114.208394][ T5979] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'. [ 115.043961][ T5979] bridge1: entered promiscuous mode [ 115.137496][ T5979] bridge1: entered allmulticast mode [ 115.327383][ T5979] netlink: 'syz.1.27': attribute type 4 has an invalid length. [ 115.528030][ T5979] syz.1.27 (5979) used greatest stack depth: 20968 bytes left [ 115.798946][ T5994] loop1: detected capacity change from 0 to 2048 [ 115.830517][ T5991] syz.2.30 uses obsolete (PF_INET,SOCK_PACKET) [ 117.070210][ T5994] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.279855][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.445793][ T6005] loop3: detected capacity change from 0 to 8192 [ 118.826469][ T6018] loop0: detected capacity change from 0 to 128 [ 118.923519][ T6018] FAT-fs (loop0): Directory bread(block 414) failed [ 118.973368][ T6018] FAT-fs (loop0): Directory bread(block 415) failed [ 119.011111][ T6018] FAT-fs (loop0): Directory bread(block 416) failed [ 119.042338][ T6022] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.062526][ T6018] FAT-fs (loop0): Directory bread(block 417) failed [ 119.117548][ T6018] FAT-fs (loop0): Directory bread(block 418) failed [ 119.132583][ T6018] FAT-fs (loop0): Directory bread(block 419) failed [ 119.153363][ T6018] FAT-fs (loop0): Directory bread(block 420) failed [ 119.325868][ T6018] FAT-fs (loop0): Directory bread(block 421) failed [ 120.152295][ T6031] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.162772][ T6031] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.222022][ T6034] FAT-fs (loop0): Directory bread(block 414) failed [ 120.230070][ T6034] FAT-fs (loop0): Directory bread(block 415) failed [ 120.253980][ T6034] syz.0.37: attempt to access beyond end of device [ 120.253980][ T6034] loop0: rw=3, sector=478, nr_sectors = 2 limit=128 [ 120.268110][ T6034] syz.0.37: attempt to access beyond end of device [ 120.268110][ T6034] loop0: rw=2051, sector=480, nr_sectors = 6 limit=128 [ 120.435920][ T6031] bridge0: entered allmulticast mode [ 120.475137][ T6035] mmap: syz.1.40 (6035) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 120.647421][ T6031] bridge_slave_1: left allmulticast mode [ 120.665741][ T6031] bridge_slave_1: left promiscuous mode [ 120.695939][ T6031] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.740491][ T6031] bridge_slave_0: left allmulticast mode [ 120.753415][ T6031] bridge_slave_0: left promiscuous mode [ 120.771056][ T6031] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.104942][ T785] IPVS: starting estimator thread 0... [ 121.294370][ T6041] IPVS: using max 17 ests per chain, 40800 per kthread [ 121.841228][ T6043] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 122.632709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 122.953691][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 122.966976][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 122.978191][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.158404][ T6070] loop3: detected capacity change from 0 to 256 [ 124.221465][ T6070] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 124.375675][ T6070] syz.3.50: attempt to access beyond end of device [ 124.375675][ T6070] loop3: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 124.581803][ T6070] syz.3.50: attempt to access beyond end of device [ 124.581803][ T6070] loop3: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 124.598483][ T6070] syz.3.50: attempt to access beyond end of device [ 124.598483][ T6070] loop3: rw=0, sector=280, nr_sectors = 8 limit=256 [ 124.624440][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.633649][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.647853][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 124.647866][ T28] audit: type=1800 audit(1752777402.630:47): pid=6070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.50" name="file1" dev="loop3" ino=1048594 res=0 errno=0 [ 125.772290][ T6070] netlink: 165 bytes leftover after parsing attributes in process `syz.3.50'. [ 125.874746][ T6070] syz.3.50 (6070) used greatest stack depth: 20776 bytes left [ 126.985720][ T6086] netlink: 24 bytes leftover after parsing attributes in process `syz.2.54'. [ 133.851938][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.865840][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.229101][ T6142] Bluetooth: MGMT ver 1.22 [ 136.247971][ T28] audit: type=1326 audit(1752777414.230:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 136.281269][ T28] audit: type=1326 audit(1752777414.260:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 136.326396][ T28] audit: type=1326 audit(1752777414.290:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 136.547415][ T28] audit: type=1326 audit(1752777414.290:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 136.696895][ T28] audit: type=1326 audit(1752777414.290:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 137.223316][ T28] audit: type=1326 audit(1752777414.290:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 137.353756][ T28] audit: type=1326 audit(1752777414.290:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 137.389520][ T28] audit: type=1326 audit(1752777414.300:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 137.457779][ T28] audit: type=1326 audit(1752777414.300:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 137.540679][ T28] audit: type=1326 audit(1752777414.300:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.1.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ff498e929 code=0x7ffc0000 [ 138.552266][ T6155] loop0: detected capacity change from 0 to 512 [ 138.636235][ T6155] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 138.750899][ T6155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.833687][ T6155] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 139.151569][ T6168] loop1: detected capacity change from 0 to 4096 [ 139.167929][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.610010][ T6188] loop0: detected capacity change from 0 to 1024 [ 141.733502][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 141.733522][ T28] audit: type=1326 audit(1752777418.870:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 141.813146][ T6188] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 141.900008][ T6188] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 141.978672][ T28] audit: type=1326 audit(1752777418.870:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 142.628425][ T6188] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 142.785869][ T28] audit: type=1326 audit(1752777418.870:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 142.863090][ T28] audit: type=1326 audit(1752777419.580:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fedd058e929 code=0x7ffc0000 [ 142.876846][ T6188] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.79: lblock 2 mapped to illegal pblock 2 (length 1) [ 142.925682][ T28] audit: type=1326 audit(1752777419.580:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fedd058e963 code=0x7ffc0000 [ 142.928155][ T6197] vlan2: entered promiscuous mode [ 143.070004][ T6203] sctp: [Deprecated]: syz.1.84 (pid 6203) Use of struct sctp_assoc_value in delayed_ack socket option. [ 143.070004][ T6203] Use struct sctp_sack_info instead [ 144.623248][ T6188] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 144.635516][ T6188] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 48: comm syz.0.79: lblock 0 mapped to illegal pblock 48 (length 1) [ 144.665697][ T28] audit: type=1326 audit(1752777419.580:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fedd058d3df code=0x7ffc0000 [ 144.686556][ T6197] bond0: entered promiscuous mode [ 144.708869][ T6188] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 144.714586][ T6197] bond_slave_0: entered promiscuous mode [ 144.739936][ T6188] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.79: Failed to acquire dquot type 0 [ 144.758450][ T6197] bond_slave_1: entered promiscuous mode [ 144.760257][ T28] audit: type=1326 audit(1752777419.590:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fedd058e9b7 code=0x7ffc0000 [ 144.821472][ T28] audit: type=1326 audit(1752777419.590:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6182 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fedd058d290 code=0x7ffc0000 [ 144.871660][ T6188] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 145.011589][ T6188] EXT4-fs error (device loop0): ext4_evict_inode:252: inode #11: comm syz.0.79: mark_inode_dirty error [ 145.036260][ T6188] EXT4-fs warning (device loop0): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 145.098787][ T6188] EXT4-fs (loop0): 1 orphan inode deleted [ 145.108720][ T6188] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.137708][ T1312] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 145.173823][ T1312] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:5: Failed to release dquot type 0 [ 145.199604][ T6188] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.209595][ T6188] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz.0.79: Invalid inode table block 1 in block_group 0 [ 145.236351][ T6188] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 145.254922][ T6188] EXT4-fs error (device loop0): ext4_quota_off:7222: inode #3: comm syz.0.79: mark_inode_dirty error [ 145.369821][ T6210] netlink: 576 bytes leftover after parsing attributes in process `syz.2.86'. [ 147.393522][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 147.393540][ T28] audit: type=1326 audit(1752777424.830:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.2.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 147.516953][ T28] audit: type=1326 audit(1752777425.420:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.2.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 148.003709][ T6232] syz.2.93 (6232) used greatest stack depth: 20464 bytes left [ 150.142098][ T6256] Zero length message leads to an empty skb [ 150.202371][ T6256] macsec1: entered promiscuous mode [ 150.233355][ T6256] macvlan1: entered promiscuous mode [ 150.272824][ T6256] macvlan1: left promiscuous mode [ 151.314676][ T6266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.103'. [ 152.039506][ T6272] hugetlbfs: syz.3.104 (6272): Using mlock ulimits for SHM_HUGETLB is obsolete [ 154.538637][ T6282] ptrace attach of ""[6283] was attempted by "./syz-executor exec"[6282] [ 156.470750][ T6303] netlink: 'syz.1.110': attribute type 11 has an invalid length. [ 169.087203][ T6424] loop0: detected capacity change from 0 to 1024 [ 172.375298][ T6424] hfsplus: failed to load attributes file [ 172.578927][ T6439] netlink: 16 bytes leftover after parsing attributes in process `syz.3.134'. [ 172.694600][ T6444] loop1: detected capacity change from 0 to 2048 [ 172.730691][ T6439] netlink: 12 bytes leftover after parsing attributes in process `syz.3.134'. [ 172.776668][ T6444] loop1: p1 < > p3 [ 172.793047][ T6444] loop1: p3 size 134217728 extends beyond EOD, truncated [ 172.826093][ T6449] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 173.035603][ T6444] kvm: emulating exchange as write [ 173.095188][ T28] audit: type=1326 audit(1752777451.080:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.166757][ T28] audit: type=1326 audit(1752777451.100:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.202215][ T28] audit: type=1326 audit(1752777451.100:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.232351][ T28] audit: type=1326 audit(1752777451.100:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.261088][ T28] audit: type=1326 audit(1752777451.100:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.291491][ T6458] loop2: detected capacity change from 0 to 512 [ 173.327129][ T6458] EXT4-fs: Ignoring removed oldalloc option [ 173.377412][ T28] audit: type=1326 audit(1752777451.100:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.484643][ T6458] EXT4-fs (loop2): 1 truncate cleaned up [ 173.495550][ T28] audit: type=1326 audit(1752777451.100:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.532418][ T6458] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.627034][ T28] audit: type=1326 audit(1752777451.100:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 173.977714][ T28] audit: type=1326 audit(1752777451.100:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 174.316068][ T28] audit: type=1326 audit(1752777451.100:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03d138e929 code=0x7ffc0000 [ 177.025233][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.331125][ T6490] netlink: 80 bytes leftover after parsing attributes in process `syz.0.148'. [ 178.486104][ T6492] fuse: Bad value for 'fd' [ 181.384851][ T6508] loop0: detected capacity change from 0 to 128 [ 183.858588][ T6522] loop1: detected capacity change from 0 to 512 [ 184.087337][ T6522] EXT4-fs (loop1): Test dummy encryption mode enabled [ 185.109718][ T6522] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.157: corrupted in-inode xattr: invalid ea_ino [ 185.156592][ T6522] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.157: couldn't read orphan inode 15 (err -117) [ 185.227027][ T6522] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 185.480720][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.649581][ T6551] batman_adv: batadv0: Adding interface: dummy0 [ 186.669624][ T6551] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.733594][ T6551] batman_adv: batadv0: Interface activated: dummy0 [ 186.796184][ T6552] batadv0: mtu less than device minimum [ 186.845577][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.859200][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.875365][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.889197][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.903558][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.916582][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.929676][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.943812][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 186.959528][ T6552] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 192.265299][ T6587] xt_CT: You must specify a L4 protocol and not use inversions on it [ 192.938947][ T6598] loop1: detected capacity change from 0 to 512 [ 193.871875][ T6598] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 195.320860][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.343801][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.797973][ T6625] loop0: detected capacity change from 0 to 2048 [ 196.826076][ T6625] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.852379][ T6623] loop1: detected capacity change from 0 to 2048 [ 196.997480][ T6623] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 197.110831][ T6625] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.185: bg 0: block 234: padding at end of block bitmap is not set [ 197.180617][ T6625] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 76 with error 28 [ 197.217444][ T6625] EXT4-fs (loop0): This should not happen!! Data will be lost [ 197.217444][ T6625] [ 197.243959][ T6625] EXT4-fs (loop0): Total free blocks count 0 [ 197.272906][ T6625] EXT4-fs (loop0): Free/Dirty block details [ 197.279848][ T6625] EXT4-fs (loop0): free_blocks=0 [ 197.307244][ T6625] EXT4-fs (loop0): dirty_blocks=80 [ 197.347522][ T6625] EXT4-fs (loop0): Block reservation details [ 197.396788][ T6625] EXT4-fs (loop0): i_reserved_data_blocks=5 [ 199.379311][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.464213][ T6650] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 199.494943][ T6650] CIFS mount error: No usable UNC path provided in device string! [ 199.494943][ T6650] [ 199.507813][ T6650] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 200.311790][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 200.311806][ T28] audit: type=1326 audit(1752777479.296:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 200.447655][ T28] audit: type=1326 audit(1752777479.336:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 200.489706][ T28] audit: type=1326 audit(1752777479.336:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 200.514773][ T28] audit: type=1326 audit(1752777479.336:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 200.549493][ T6652] pimreg: entered allmulticast mode [ 200.583499][ T28] audit: type=1326 audit(1752777479.356:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 200.637658][ T6652] pimreg: left allmulticast mode [ 200.643315][ T28] audit: type=1326 audit(1752777479.356:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 200.733367][ T6659] syz.3.194: attempt to access beyond end of device [ 200.733367][ T6659] loop7: rw=0, sector=64, nr_sectors = 2 limit=0 [ 200.768119][ T6660] xt_CONNSECMARK: invalid mode: 0 [ 200.777503][ T28] audit: type=1326 audit(1752777479.356:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 200.817794][ T6659] isofs_fill_super: bread failed, dev=loop7, iso_blknum=16, block=32 [ 200.977476][ T6664] netlink: 28 bytes leftover after parsing attributes in process `syz.1.192'. [ 200.988062][ T6664] netlink: 28 bytes leftover after parsing attributes in process `syz.1.192'. [ 201.018103][ T6660] loop0: detected capacity change from 0 to 1024 [ 201.210580][ T28] audit: type=1326 audit(1752777479.546:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 201.403362][ T28] audit: type=1326 audit(1752777479.546:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d2558e929 code=0x7ffc0000 [ 201.761913][ T6669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.198'. [ 201.974379][ T6676] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 202.018462][ T6676] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 202.502131][ T5830] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 204.443573][ T5830] usb 3-1: Using ep0 maxpacket: 16 [ 204.462542][ T5830] usb 3-1: config 0 has an invalid descriptor of length 100, skipping remainder of the config [ 204.487389][ T5830] usb 3-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 204.498309][ T6693] process 'syz.3.204' launched './file1' with NULL argv: empty string added [ 204.507805][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.530871][ T5830] usb 3-1: config 0 descriptor?? [ 204.557264][ T5830] gspca_main: spca501-2.14.0 probing 0000:0000 [ 204.631602][ T6696] netlink: 2028 bytes leftover after parsing attributes in process `syz.1.205'. [ 204.672154][ T6696] netlink: 24 bytes leftover after parsing attributes in process `syz.1.205'. [ 204.702678][ T6698] netlink: 'syz.0.206': attribute type 1 has an invalid length. [ 204.758950][ T6698] 8021q: adding VLAN 0 to HW filter on device bond1 [ 204.863867][ T6698] 8021q: adding VLAN 0 to HW filter on device bond1 [ 204.875630][ T6698] bond1: (slave ipip0): The slave device specified does not support setting the MAC address [ 204.889899][ T6698] bond1: (slave ipip0): Error -95 calling set_mac_address [ 204.933604][ T6702] bond1: (slave ip6erspan0): making interface the new active one [ 204.944671][ T6702] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 204.974444][ T5830] gspca_spca501: reg write: error -71 [ 204.980373][ T5830] spca501 3-1:0.0: Reg write failed for 0x02,0xa048,0x00 [ 204.994860][ T5830] spca501: probe of 3-1:0.0 failed with error -22 [ 205.022862][ T5830] usb 3-1: USB disconnect, device number 2 [ 207.302164][ T6725] gtp0: entered promiscuous mode [ 209.138101][ T6744] SET target dimension over the limit! [ 209.286865][ T5850] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 210.433255][ T5850] usb 2-1: Using ep0 maxpacket: 32 [ 210.462736][ T5850] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 210.480730][ T5850] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 210.511557][ T5850] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 210.529670][ T6756] loop2: detected capacity change from 0 to 1764 [ 210.537070][ T5850] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 81 [ 210.583372][ T5850] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 210.642343][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.916381][ T5850] usb 2-1: config 0 descriptor?? [ 212.944182][ T5850] usb 2-1: can't set config #0, error -71 [ 212.974850][ T5850] usb 2-1: USB disconnect, device number 2 [ 213.120468][ T6769] batman_adv: batadv0: Interface deactivated: dummy0 [ 213.151165][ T6769] batman_adv: batadv0: Removing interface: dummy0 [ 213.248419][ T6769] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.280363][ T6769] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.292408][ T6769] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.313618][ T6769] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.552031][ T6767] loop1: detected capacity change from 0 to 512 [ 213.587698][ T6767] EXT4-fs: Ignoring removed nomblk_io_submit option [ 214.013482][ T6767] ext4: Unknown parameter 'smackfsdef' [ 214.080288][ T5788] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 217.465969][ T6802] sit0: entered promiscuous mode [ 217.488414][ T6802] netlink: 21 bytes leftover after parsing attributes in process `syz.3.235'. [ 218.008355][ T5104] Bluetooth: hci2: command 0x0406 tx timeout [ 218.014691][ T5797] Bluetooth: hci0: command 0x0406 tx timeout [ 218.014719][ T5803] Bluetooth: hci3: command 0x0406 tx timeout [ 218.020912][ T5797] Bluetooth: hci1: command 0x0406 tx timeout [ 219.840932][ T6823] Falling back ldisc for ttyS3. [ 220.230611][ T6830] loop2: detected capacity change from 0 to 512 [ 220.272002][ T6829] netlink: 12 bytes leftover after parsing attributes in process `syz.0.243'. [ 220.316533][ T6830] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 220.341725][ T6830] System zones: 0-2, 18-18, 34-35 [ 220.362806][ T6830] EXT4-fs error (device loop2): ext4_quota_enable:7129: inode #4: comm syz.2.242: iget: bad i_size value: 5910974510929920 [ 220.427075][ T6830] EXT4-fs error (device loop2): ext4_quota_enable:7132: comm syz.2.242: Bad quota inode: 4, type: 1 [ 220.443640][ T6830] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 220.463939][ T6830] EXT4-fs (loop2): mount failed [ 223.766351][ T6855] team_slave_0: entered promiscuous mode [ 223.773341][ T6855] team_slave_1: entered promiscuous mode [ 223.782387][ T6855] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 223.797286][ T6855] team_slave_0: left promiscuous mode [ 223.802899][ T6855] team_slave_1: left promiscuous mode [ 228.123471][ T6876] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 233.493671][ T6907] loop2: detected capacity change from 0 to 8 [ 233.535040][ T6907] SQUASHFS error: Failed to read block 0x4e8: -5 [ 233.542029][ T6907] SQUASHFS error: Failed to read block 0x4de: -5 [ 233.549720][ T6907] SQUASHFS error: Failed to read block 0x4de: -5 [ 233.557163][ T6907] SQUASHFS error: Failed to read block 0x4de: -5 [ 233.581594][ T28] audit: type=1800 audit(1752777512.556:103): pid=6907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.262" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 234.636310][ T6915] SET target dimension over the limit! [ 240.759567][ T6965] loop1: detected capacity change from 0 to 2048 [ 240.890063][ T6965] loop1: p1 < > p3 [ 240.897846][ T6965] loop1: p3 size 134217728 extends beyond EOD, truncated [ 241.960250][ T6972] loop0: detected capacity change from 0 to 2048 [ 242.328445][ T6972] loop0: p1 < > p4 [ 242.636448][ T6972] loop0: p4 size 8388608 extends beyond EOD, truncated [ 242.728652][ T6980] syz.0.281: attempt to access beyond end of device [ 242.728652][ T6980] loop1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 242.777325][ T6980] isofs_fill_super: bread failed, dev=loop1, iso_blknum=16, block=32 [ 242.796208][ T6975] loop2: detected capacity change from 0 to 4096 [ 243.820067][ T6975] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 244.151838][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.524430][ T7013] netlink: 'syz.0.289': attribute type 3 has an invalid length. [ 248.680517][ T7028] loop2: detected capacity change from 0 to 2048 [ 248.799407][ T7030] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.809962][ T7030] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.819008][ T7030] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.828067][ T7030] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.843743][ T7028] loop2: p1 < > p4 [ 248.897495][ T7030] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 248.898277][ T7028] loop2: p4 size 8388608 extends beyond EOD, truncated [ 248.930875][ T7032] pimreg: entered allmulticast mode [ 249.630954][ T7028] pimreg: left allmulticast mode [ 249.836275][ T7032] isofs_fill_super: bread failed, dev=loop2p1, iso_blknum=16, block=32 [ 251.046959][ T7047] netlink: 'syz.0.307': attribute type 1 has an invalid length. [ 251.145076][ T7047] loop0: detected capacity change from 0 to 2048 [ 255.992312][ T7066] netlink: 80 bytes leftover after parsing attributes in process `syz.0.302'. [ 256.028908][ T7067] loop2: detected capacity change from 0 to 4096 [ 256.069734][ T7067] ntfs: (device loop2): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 256.091107][ T7067] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 256.100628][ T7067] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 256.117700][ T7067] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 256.726971][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.733939][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.110168][ T7067] ntfs: volume version 3.1. [ 258.413524][ T7087] netlink: 'syz.0.310': attribute type 1 has an invalid length. [ 260.137858][ T7091] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 260.211610][ T7091] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 260.232151][ T7091] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 260.245299][ T7091] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 260.261703][ T7091] bond2: (slave geneve2): making interface the new active one [ 260.276279][ T7091] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 260.285557][ T7093] netlink: 28 bytes leftover after parsing attributes in process `syz.0.310'. [ 260.296754][ T7093] 8021q: adding VLAN 0 to HW filter on device bond2 [ 261.294401][ T7091] syz.0.310 (7091) used greatest stack depth: 20208 bytes left [ 261.749792][ T7113] netlink: 'syz.0.325': attribute type 27 has an invalid length. [ 263.981200][ T7138] tipc: Started in network mode [ 263.998036][ T7138] tipc: Node identity be8a30d45a6b, cluster identity 4711 [ 264.011987][ T7138] tipc: Enabled bearer , priority 0 [ 264.022435][ T7138] syzkaller0: entered promiscuous mode [ 264.034618][ T7138] syzkaller0: entered allmulticast mode [ 264.109592][ T7138] tipc: Resetting bearer [ 264.150664][ T7140] netlink: 'syz.3.323': attribute type 1 has an invalid length. [ 264.205048][ T7135] tipc: Resetting bearer [ 264.306596][ T7135] tipc: Disabling bearer [ 264.540919][ T7150] netlink: 'syz.2.328': attribute type 1 has an invalid length. [ 264.729889][ T7150] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 264.764551][ T7153] netlink: 28 bytes leftover after parsing attributes in process `syz.2.328'. [ 264.864664][ T7153] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 264.965825][ T7153] bond1 (unregistering): Released all slaves [ 271.217233][ T7218] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095 [ 282.954201][ T7324] tipc: Enabling of bearer rejected, failed to enable media [ 283.058135][ T7327] Cannot find add_set index 0 as target [ 285.060719][ T7340] xt_socket: unknown flags 0x50 [ 289.158342][ T7377] tipc: Enabling of bearer rejected, failed to enable media [ 290.329077][ T27] kernel write not supported for file /sequencer (pid: 27 comm: kworker/1:1) [ 292.875095][ T7429] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 293.212638][ T7428] tipc: Started in network mode [ 293.280804][ T7428] tipc: Node identity 5abfa29a494d, cluster identity 4711 [ 293.483600][ T7428] tipc: Enabled bearer , priority 0 [ 293.509304][ T7434] syzkaller0: entered promiscuous mode [ 293.553832][ T7434] syzkaller0: entered allmulticast mode [ 293.614828][ T7427] tipc: Resetting bearer [ 293.790105][ T7427] tipc: Disabling bearer [ 294.732103][ T7442] trusted_key: syz.0.390 sent an empty control message without MSG_MORE. [ 295.533893][ T7470] netlink: 104 bytes leftover after parsing attributes in process `syz.1.395'. [ 299.714839][ T7510] tipc: Enabled bearer , priority 0 [ 299.732091][ T7510] syzkaller0: entered promiscuous mode [ 299.748334][ T7510] syzkaller0: entered allmulticast mode [ 300.545333][ T7508] tipc: Resetting bearer [ 300.697754][ T5831] kernel write not supported for file /sequencer (pid: 5831 comm: kworker/1:4) [ 300.845264][ T9] tipc: Node number set to 334668442 [ 301.811958][ T7508] tipc: Disabling bearer [ 302.507008][ T7532] netlink: 4 bytes leftover after parsing attributes in process `syz.2.413'. [ 302.551578][ T7532] netlink: 4 bytes leftover after parsing attributes in process `syz.2.413'. [ 305.540355][ T7565] netlink: 'syz.1.424': attribute type 1 has an invalid length. [ 305.590323][ T7565] 8021q: adding VLAN 0 to HW filter on device bond1 [ 305.657157][ T7565] bond1: (slave veth3): Enslaving as an active interface with a down link [ 305.706132][ T7565] vlan2: entered allmulticast mode [ 305.711615][ T7565] veth1: entered allmulticast mode [ 305.720575][ T7565] veth1: entered promiscuous mode [ 305.733299][ T7565] veth1: left promiscuous mode [ 305.741744][ T7565] bond1: (slave vlan2): making interface the new active one [ 305.784580][ T7565] veth1: entered promiscuous mode [ 305.800224][ T7565] vlan2: entered promiscuous mode [ 305.806401][ T7565] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 308.168436][ T7593] tipc: Started in network mode [ 308.173946][ T7593] tipc: Node identity 226bc55be207, cluster identity 4711 [ 308.181856][ T7593] tipc: Enabled bearer , priority 0 [ 308.194198][ T7593] syzkaller0: entered promiscuous mode [ 308.199745][ T7593] syzkaller0: entered allmulticast mode [ 308.539102][ T7591] tipc: Resetting bearer [ 308.711309][ T7591] tipc: Disabling bearer [ 310.230064][ T7609] netlink: 20 bytes leftover after parsing attributes in process `syz.3.435'. [ 310.359824][ T7609] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.369367][ T7609] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.387805][ T7613] capability: warning: `syz.1.436' uses deprecated v2 capabilities in a way that may be insecure [ 310.515796][ T7612] loop2: detected capacity change from 0 to 4096 [ 310.541260][ T7612] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 310.612964][ T7612] ntfs3: loop2: RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only. [ 311.087896][ T7612] ntfs3: loop2: $Secure::$SDH is corrupted. [ 311.300226][ T7612] ntfs3: loop2: Failed to initialize $Secure (-22). [ 311.892037][ T7627] tipc: Enabled bearer , priority 0 [ 311.914463][ T7627] syzkaller0: entered promiscuous mode [ 311.920284][ T7627] syzkaller0: entered allmulticast mode [ 312.110458][ T7625] tipc: Resetting bearer [ 312.158057][ T7625] tipc: Disabling bearer [ 312.199435][ T7633] xt_socket: unknown flags 0x50 [ 313.017960][ T7636] tipc: Enabling of bearer rejected, failed to enable media [ 313.973807][ T7643] tipc: Enabled bearer , priority 0 [ 313.982659][ T7643] syzkaller0: entered promiscuous mode [ 313.989519][ T7643] syzkaller0: entered allmulticast mode [ 314.029577][ T7640] tipc: Resetting bearer [ 314.110874][ T7640] tipc: Disabling bearer [ 317.629508][ T7665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.452'. [ 317.640986][ T7665] netlink: 4 bytes leftover after parsing attributes in process `syz.3.452'. [ 317.678215][ T7663] loop0: detected capacity change from 0 to 1024 [ 317.690568][ T7663] EXT4-fs: Ignoring removed nobh option [ 317.697714][ T7663] EXT4-fs: Ignoring removed bh option [ 317.707588][ T7663] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 317.790725][ T7663] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 318.173979][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.180634][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.429854][ T7678] xt_socket: unknown flags 0x50 [ 319.416942][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.610923][ T7693] tipc: Enabled bearer , priority 0 [ 319.620043][ T7693] syzkaller0: entered promiscuous mode [ 319.626981][ T7693] syzkaller0: entered allmulticast mode [ 319.689678][ T7692] tipc: Resetting bearer [ 319.751645][ T7692] tipc: Disabling bearer [ 327.793896][ T7736] tipc: Enabling of bearer rejected, failed to enable media [ 327.987476][ T7743] netlink: 184 bytes leftover after parsing attributes in process `syz.2.470'. [ 328.032291][ T7743] bond0: entered allmulticast mode [ 328.074747][ T7743] bond_slave_0: entered allmulticast mode [ 328.091699][ T7743] bond_slave_1: entered allmulticast mode [ 329.037609][ T7751] loop1: detected capacity change from 0 to 1024 [ 331.120386][ T7761] netlink: 34 bytes leftover after parsing attributes in process `syz.1.480'. [ 332.416703][ T77] vlan2: left promiscuous mode [ 333.728263][ T5796] Bluetooth: hci0: unexpected event for opcode 0x0428 [ 335.350669][ T7789] netlink: 16 bytes leftover after parsing attributes in process `syz.3.485'. [ 336.532611][ T7798] delete_channel: no stack [ 338.043515][ T5796] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 338.052686][ T5796] Bluetooth: hci0: Injecting HCI hardware error event [ 338.063644][ T5802] Bluetooth: hci0: hardware error 0x00 [ 338.733232][ T7821] netlink: 20 bytes leftover after parsing attributes in process `syz.2.494'. [ 340.044341][ T7829] general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN [ 340.056494][ T7829] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 340.065053][ T7829] CPU: 1 PID: 7829 Comm: syz.2.497 Not tainted 6.6.98-syzkaller #0 [ 340.072997][ T7829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 340.080092][ T7828] loop1: detected capacity change from 0 to 2048 [ 340.083083][ T7829] RIP: 0010:__list_del_entry_valid_or_report+0x23/0x130 [ 340.083133][ T7829] Code: 00 00 00 00 00 66 90 f3 0f 1e fa 41 57 41 56 41 54 53 48 89 fb 49 bc 00 00 00 00 00 fc ff df 48 83 c7 08 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 11 ca b7 fd 4c 8b 7b 08 48 89 d8 48 c1 e8 [ 340.116854][ T7829] RSP: 0018:ffffc9000f176d48 EFLAGS: 00010202 [ 340.124633][ T7829] RAX: 000000000000000b RBX: 0000000000000050 RCX: 0000000000080000 [ 340.133133][ T7829] RDX: ffffc9000e4f0000 RSI: 0000000000001357 RDI: 0000000000000058 [ 340.142029][ T7829] RBP: dffffc0000000000 R08: ffff88802fd75a00 R09: 0000000000000002 [ 340.150148][ T7829] R10: 00000000ffffffff R11: 0000000000000002 R12: dffffc0000000000 [ 340.158684][ T7829] R13: dffffc0000000000 R14: 0000000000000050 R15: ffff888076eff800 [ 340.166703][ T7829] FS: 00007f3d253ff6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 340.176395][ T7829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 340.184776][ T7829] CR2: 0000200000019580 CR3: 0000000030311000 CR4: 00000000003506e0 [ 340.194286][ T7829] Call Trace: [ 340.198267][ T7829] [ 340.201315][ T7829] drr_qlen_notify+0x2c/0xf0 [ 340.206049][ T7829] qdisc_tree_reduce_backlog+0x28b/0x470 [ 340.211869][ T7829] ? qdisc_tree_reduce_backlog+0x3c/0x470 [ 340.218506][ T7829] fq_codel_change+0xa2d/0xde0 [ 340.223347][ T7829] ? fq_codel_destroy+0x90/0x90 [ 340.228310][ T7829] ? ____sys_sendmsg+0x5bf/0x950 [ 340.233366][ T7829] fq_codel_init+0x361/0x970 [ 340.238101][ T7829] ? lockdep_rtnl_is_held+0x26/0x30 [ 340.243426][ T7829] ? qdisc_peek_dequeued+0x200/0x200 [ 340.249489][ T7829] qdisc_create+0x8eb/0x1050 [ 340.254314][ T7829] ? qdisc_notify+0x370/0x370 [ 340.259112][ T7829] ? lockdep_rtnl_is_held+0x26/0x30 [ 340.264620][ T7829] ? qdisc_lookup+0x179/0x6d0 [ 340.269337][ T7829] tc_modify_qdisc+0xb13/0x1be0 [ 340.275071][ T7829] ? qdisc_offload_query_caps+0x150/0x150 [ 340.281035][ T7829] ? qdisc_offload_query_caps+0x150/0x150 [ 340.286961][ T7829] rtnetlink_rcv_msg+0x7c7/0xf10 [ 340.291991][ T7829] ? rtnetlink_rcv_msg+0x1eb/0xf10 [ 340.297243][ T7829] ? lockdep_hardirqs_on+0x98/0x150 [ 340.303372][ T7829] ? rtnetlink_bind+0x80/0x80 [ 340.308123][ T7829] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 340.315599][ T7829] ? __dev_queue_xmit+0x245/0x35a0 [ 340.321181][ T7829] ? lock_chain_count+0x20/0x20 [ 340.326064][ T7829] ? __local_bh_enable_ip+0x12e/0x1c0 [ 340.331463][ T7829] ? lockdep_hardirqs_on+0x98/0x150 [ 340.336752][ T7829] ? __local_bh_enable_ip+0x12e/0x1c0 [ 340.342243][ T7829] ? _local_bh_enable+0xa0/0xa0 [ 340.347235][ T7829] ? __dev_queue_xmit+0x245/0x35a0 [ 340.352475][ T7829] ? __dev_queue_xmit+0x1449/0x35a0 [ 340.357732][ T7829] ? __dev_queue_xmit+0x245/0x35a0 [ 340.362959][ T7829] ? ref_tracker_free+0x634/0x7d0 [ 340.368018][ T7829] ? __copy_skb_header+0xa7/0x550 [ 340.373508][ T7829] netlink_rcv_skb+0x216/0x480 [ 340.378298][ T7829] ? rtnetlink_bind+0x80/0x80 [ 340.383010][ T7829] ? netlink_ack+0x1110/0x1110 [ 340.387855][ T7829] ? __lock_acquire+0x7c80/0x7c80 [ 340.393084][ T7829] ? netlink_deliver_tap+0x2e/0x1b0 [ 340.398320][ T7829] netlink_unicast+0x750/0x8c0 [ 340.403115][ T7829] netlink_sendmsg+0x8c1/0xbe0 [ 340.407960][ T7829] ? netlink_getsockopt+0x580/0x580 [ 340.413199][ T7829] ? aa_sock_msg_perm+0x94/0x150 [ 340.418333][ T7829] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 340.423917][ T7829] ? security_socket_sendmsg+0x80/0xa0 [ 340.429404][ T7829] ? netlink_getsockopt+0x580/0x580 [ 340.434716][ T7829] ____sys_sendmsg+0x5bf/0x950 [ 340.439519][ T7829] ? __asan_memset+0x22/0x40 [ 340.444326][ T7829] ? __sys_sendmsg_sock+0x30/0x30 [ 340.450069][ T7829] ? __import_iovec+0x5f2/0x860 [ 340.456262][ T7829] ? import_iovec+0x73/0xa0 [ 340.460790][ T7829] ___sys_sendmsg+0x220/0x290 [ 340.465499][ T7829] ? __sys_sendmsg+0x270/0x270 [ 340.470297][ T7829] ? put_user_ifreq+0x85/0xb0 [ 340.475011][ T7829] __se_sys_sendmsg+0x1a5/0x270 [ 340.479975][ T7829] ? __x64_sys_sendmsg+0x80/0x80 [ 340.484952][ T7829] ? lockdep_hardirqs_on+0x98/0x150 [ 340.490264][ T7829] do_syscall_64+0x55/0xb0 [ 340.494734][ T7829] ? clear_bhb_loop+0x40/0x90 [ 340.499427][ T7829] ? clear_bhb_loop+0x40/0x90 [ 340.504123][ T7829] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 340.510051][ T7829] RIP: 0033:0x7f3d2558e929 [ 340.514587][ T7829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.534415][ T7829] RSP: 002b:00007f3d253ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 340.542958][ T7829] RAX: ffffffffffffffda RBX: 00007f3d257b6080 RCX: 00007f3d2558e929 [ 340.551125][ T7829] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000004 [ 340.559328][ T7829] RBP: 00007f3d25610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 340.567420][ T7829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.576132][ T7829] R13: 0000000000000000 R14: 00007f3d257b6080 R15: 00007fff8a7580c8 [ 340.584142][ T7829] [ 340.587189][ T7829] Modules linked in: [ 340.591235][ T7829] ---[ end trace 0000000000000000 ]--- [ 340.596775][ T7829] RIP: 0010:__list_del_entry_valid_or_report+0x23/0x130 [ 340.603809][ T7829] Code: 00 00 00 00 00 66 90 f3 0f 1e fa 41 57 41 56 41 54 53 48 89 fb 49 bc 00 00 00 00 00 fc ff df 48 83 c7 08 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 11 ca b7 fd 4c 8b 7b 08 48 89 d8 48 c1 e8 [ 340.623603][ T7829] RSP: 0018:ffffc9000f176d48 EFLAGS: 00010202 [ 340.629782][ T7829] RAX: 000000000000000b RBX: 0000000000000050 RCX: 0000000000080000 [ 340.637978][ T7829] RDX: ffffc9000e4f0000 RSI: 0000000000001357 RDI: 0000000000000058 [ 340.646323][ T7829] RBP: dffffc0000000000 R08: ffff88802fd75a00 R09: 0000000000000002 [ 340.655290][ T7829] R10: 00000000ffffffff R11: 0000000000000002 R12: dffffc0000000000 [ 340.663712][ T7829] R13: dffffc0000000000 R14: 0000000000000050 R15: ffff888076eff800 [ 340.671826][ T7829] FS: 00007f3d253ff6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 340.681106][ T7829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 340.687794][ T7829] CR2: 0000200000019580 CR3: 0000000030311000 CR4: 00000000003506e0 [ 340.696138][ T7829] Kernel panic - not syncing: Fatal exception in interrupt [ 340.703849][ T7829] Kernel Offset: disabled [ 340.708192][ T7829] Rebooting in 86400 seconds..